Commit 343d5771 authored by Dag-Erling Smørgrav's avatar Dag-Erling Smørgrav
Browse files

Vendor import of OpenSSH 7.5p1.

parent 19ca8551
This diff is collapsed.
1. Prerequisites
----------------
A C compiler. Any C89 or better compiler should work. Where supported,
......@@ -231,7 +232,7 @@ manually using the following commands:
ssh-keygen -t [type] -f /etc/ssh/ssh_host_key -N ""
for each of the types you wish to generate (rsa, dsa or ecdsaa) or
for each of the types you wish to generate (rsa, dsa or ecdsa) or
ssh-keygen -A
......
......@@ -236,6 +236,8 @@ clean: regressclean
rm -f regress/unittests/sshkey/test_sshkey
rm -f regress/unittests/bitmap/*.o
rm -f regress/unittests/bitmap/test_bitmap
rm -f regress/unittests/conversion/*.o
rm -f regress/unittests/conversion/test_conversion
rm -f regress/unittests/hostkeys/*.o
rm -f regress/unittests/hostkeys/test_hostkeys
rm -f regress/unittests/kex/*.o
......@@ -262,6 +264,8 @@ distclean: regressclean
rm -f regress/unittests/sshkey/test_sshkey
rm -f regress/unittests/bitmap/*.o
rm -f regress/unittests/bitmap/test_bitmap
rm -f regress/unittests/conversion/*.o
rm -f regress/unittests/conversion/test_conversion
rm -f regress/unittests/hostkeys/*.o
rm -f regress/unittests/hostkeys/test_hostkeys
rm -f regress/unittests/kex/*.o
......@@ -426,6 +430,8 @@ regress-prep:
mkdir -p `pwd`/regress/unittests/sshkey
[ -d `pwd`/regress/unittests/bitmap ] || \
mkdir -p `pwd`/regress/unittests/bitmap
[ -d `pwd`/regress/unittests/conversion ] || \
mkdir -p `pwd`/regress/unittests/conversion
[ -d `pwd`/regress/unittests/hostkeys ] || \
mkdir -p `pwd`/regress/unittests/hostkeys
[ -d `pwd`/regress/unittests/kex ] || \
......@@ -503,6 +509,16 @@ regress/unittests/bitmap/test_bitmap$(EXEEXT): ${UNITTESTS_TEST_BITMAP_OBJS} \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
UNITTESTS_TEST_CONVERSION_OBJS=\
regress/unittests/conversion/tests.o
regress/unittests/conversion/test_conversion$(EXEEXT): \
${UNITTESTS_TEST_CONVERSION_OBJS} \
regress/unittests/test_helper/libtest_helper.a libssh.a
$(LD) -o $@ $(LDFLAGS) $(UNITTESTS_TEST_CONVERSION_OBJS) \
regress/unittests/test_helper/libtest_helper.a \
-lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
UNITTESTS_TEST_KEX_OBJS=\
regress/unittests/kex/tests.o \
regress/unittests/kex/test_kex.o
......@@ -558,13 +574,14 @@ regress-binaries: regress/modpipe$(EXEEXT) \
regress/unittests/sshbuf/test_sshbuf$(EXEEXT) \
regress/unittests/sshkey/test_sshkey$(EXEEXT) \
regress/unittests/bitmap/test_bitmap$(EXEEXT) \
regress/unittests/conversion/test_conversion$(EXEEXT) \
regress/unittests/hostkeys/test_hostkeys$(EXEEXT) \
regress/unittests/kex/test_kex$(EXEEXT) \
regress/unittests/match/test_match$(EXEEXT) \
regress/unittests/utf8/test_utf8$(EXEEXT) \
regress/misc/kexfuzz/kexfuzz$(EXEEXT)
tests interop-tests t-exec: regress-prep regress-binaries $(TARGETS)
tests interop-tests t-exec unit: regress-prep regress-binaries $(TARGETS)
BUILDDIR=`pwd`; \
TEST_SSH_SCP="$${BUILDDIR}/scp"; \
TEST_SSH_SSH="$${BUILDDIR}/ssh"; \
......
See https://www.openssh.com/releasenotes.html#7.4p1 for the release notes.
See https://www.openssh.com/releasenotes.html#7.5p1 for the release notes.
Please read https://www.openssh.com/report.html for bug reporting
instructions and note that we do not use Github for bug reporting or
......
......@@ -830,6 +830,8 @@ fake_password(const char *wire_password)
fatal("%s: password length too long: %zu", __func__, l);
ret = malloc(l + 1);
if (ret == NULL)
return NULL;
for (i = 0; i < l; i++)
ret[i] = junk[i % (sizeof(junk) - 1)];
ret[i] = '\0';
......
/* $OpenBSD: auth2-pubkey.c,v 1.60 2016/11/30 02:57:40 djm Exp $ */
/* $OpenBSD: auth2-pubkey.c,v 1.62 2017/01/30 01:03:00 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -564,9 +564,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
{
char line[SSH_MAX_PUBKEY_BYTES], *cp, *ep, *line_opts;
u_long linenum = 0;
u_int i;
u_int i, found_principal = 0;
while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
/* Always consume entire input */
if (found_principal)
continue;
/* Skip leading whitespace. */
for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
;
......@@ -599,11 +602,12 @@ process_principals(FILE *f, char *file, struct passwd *pw,
if (auth_parse_options(pw, line_opts,
file, linenum) != 1)
continue;
return 1;
found_principal = 1;
continue;
}
}
}
return 0;
return found_principal;
}
static int
......@@ -727,6 +731,9 @@ match_principals_command(struct passwd *user_pw, const struct sshkey *key)
ok = process_principals(f, NULL, pw, cert);
fclose(f);
f = NULL;
if (exited_cleanly(pid, "AuthorizedPrincipalsCommand", command) != 0)
goto out;
......@@ -768,6 +775,9 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
char *cp, *key_options = NULL, *fp = NULL;
const char *reason = NULL;
/* Always consume entrire file */
if (found_key)
continue;
if (found != NULL)
key_free(found);
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
......@@ -854,7 +864,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
file, linenum, key_type(found), fp);
free(fp);
found_key = 1;
break;
continue;
}
}
if (found != NULL)
......@@ -1050,6 +1060,9 @@ user_key_command_allowed2(struct passwd *user_pw, Key *key)
ok = check_authkeys_file(f, options.authorized_keys_command, key, pw);
fclose(f);
f = NULL;
if (exited_cleanly(pid, "AuthorizedKeysCommand", command) != 0)
goto out;
......
/* $OpenBSD: auth2.c,v 1.136 2016/05/02 08:49:03 djm Exp $ */
/* $OpenBSD: auth2.c,v 1.137 2017/02/03 23:05:57 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
......@@ -212,6 +212,7 @@ input_service_request(int type, u_int32_t seq, void *ctxt)
static int
input_userauth_request(int type, u_int32_t seq, void *ctxt)
{
struct ssh *ssh = active_state; /* XXX */
Authctxt *authctxt = ctxt;
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
......@@ -235,9 +236,10 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
authctxt->user = xstrdup(user);
if (authctxt->pw && strcmp(service, "ssh-connection")==0) {
authctxt->valid = 1;
debug2("input_userauth_request: setting up authctxt for %s", user);
debug2("%s: setting up authctxt for %s",
__func__, user);
} else {
logit("input_userauth_request: invalid user %s", user);
/* Invalid user, fake password information */
authctxt->pw = fakepw();
#ifdef SSH_AUDIT_EVENTS
PRIVSEP(audit_event(SSH_INVALID_USER));
......@@ -247,6 +249,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt)
if (options.use_pam)
PRIVSEP(start_pam(authctxt));
#endif
ssh_packet_set_log_preamble(ssh, "%suser %s",
authctxt->valid ? "authenticating " : "invalid ", user);
setproctitle("%s%s", authctxt->valid ? user : "unknown",
use_privsep ? " [net]" : "");
authctxt->service = xstrdup(service);
......@@ -292,6 +296,7 @@ void
userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
const char *submethod)
{
struct ssh *ssh = active_state; /* XXX */
char *methods;
int partial = 0;
......@@ -353,6 +358,7 @@ userauth_finish(Authctxt *authctxt, int authenticated, const char *method,
packet_write_wait();
/* now we can break out */
authctxt->success = 1;
ssh_packet_set_log_preamble(ssh, "user %s", authctxt->user);
} else {
/* Allow initial try of "none" auth without failure penalty */
......
/* $OpenBSD: channels.c,v 1.356 2016/10/18 17:32:54 dtucker Exp $ */
/* $OpenBSD: channels.c,v 1.357 2017/02/01 02:59:09 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -3065,7 +3065,7 @@ channel_input_port_open(int type, u_int32_t seq, void *ctxt)
}
packet_check_eom();
c = channel_connect_to_port(host, host_port,
"connected socket", originator_string);
"connected socket", originator_string, NULL, NULL);
free(originator_string);
free(host);
if (c == NULL) {
......@@ -4026,9 +4026,13 @@ channel_connect_ctx_free(struct channel_connect *cctx)
memset(cctx, 0, sizeof(*cctx));
}
/* Return CONNECTING channel to remote host:port or local socket path */
/*
* Return CONNECTING channel to remote host:port or local socket path,
* passing back the failure reason if appropriate.
*/
static Channel *
connect_to(const char *name, int port, char *ctype, char *rname)
connect_to_reason(const char *name, int port, char *ctype, char *rname,
int *reason, const char **errmsg)
{
struct addrinfo hints;
int gaierr;
......@@ -4069,7 +4073,12 @@ connect_to(const char *name, int port, char *ctype, char *rname)
hints.ai_family = IPv4or6;
hints.ai_socktype = SOCK_STREAM;
snprintf(strport, sizeof strport, "%d", port);
if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop)) != 0) {
if ((gaierr = getaddrinfo(name, strport, &hints, &cctx.aitop))
!= 0) {
if (errmsg != NULL)
*errmsg = ssh_gai_strerror(gaierr);
if (reason != NULL)
*reason = SSH2_OPEN_CONNECT_FAILED;
error("connect_to %.100s: unknown host (%s)", name,
ssh_gai_strerror(gaierr));
return NULL;
......@@ -4092,6 +4101,13 @@ connect_to(const char *name, int port, char *ctype, char *rname)
return c;
}
/* Return CONNECTING channel to remote host:port or local socket path */
static Channel *
connect_to(const char *name, int port, char *ctype, char *rname)
{
return connect_to_reason(name, port, ctype, rname, NULL, NULL);
}
/*
* returns either the newly connected channel or the downstream channel
* that needs to deal with this connection.
......@@ -4136,7 +4152,8 @@ channel_connect_by_listen_path(const char *path, char *ctype, char *rname)
/* Check if connecting to that port is permitted and connect. */
Channel *
channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname)
channel_connect_to_port(const char *host, u_short port, char *ctype,
char *rname, int *reason, const char **errmsg)
{
int i, permit, permit_adm = 1;
......@@ -4161,9 +4178,11 @@ channel_connect_to_port(const char *host, u_short port, char *ctype, char *rname
if (!permit || !permit_adm) {
logit("Received request to connect to host %.100s port %d, "
"but the request was denied.", host, port);
if (reason != NULL)
*reason = SSH2_OPEN_ADMINISTRATIVELY_PROHIBITED;
return NULL;
}
return connect_to(host, port, ctype, rname);
return connect_to_reason(host, port, ctype, rname, reason, errmsg);
}
/* Check if connecting to that path is permitted and connect. */
......@@ -4354,6 +4373,33 @@ connect_local_xsocket(u_int dnr)
return connect_local_xsocket_path(buf);
}
#ifdef __APPLE__
static int
is_path_to_xsocket(const char *display, char *path, size_t pathlen)
{
struct stat sbuf;
if (strlcpy(path, display, pathlen) >= pathlen) {
error("%s: display path too long", __func__);
return 0;
}
if (display[0] != '/')
return 0;
if (stat(path, &sbuf) == 0) {
return 1;
} else {
char *dot = strrchr(path, '.');
if (dot != NULL) {
*dot = '\0';
if (stat(path, &sbuf) == 0) {
return 1;
}
}
}
return 0;
}
#endif
int
x11_connect_display(void)
{
......@@ -4375,15 +4421,22 @@ x11_connect_display(void)
* connection to the real X server.
*/
/* Check if the display is from launchd. */
#ifdef __APPLE__
if (strncmp(display, "/tmp/launch", 11) == 0) {
sock = connect_local_xsocket_path(display);
if (sock < 0)
return -1;
/* Check if display is a path to a socket (as set by launchd). */
{
char path[PATH_MAX];
/* OK, we now have a connection to the display. */
return sock;
if (is_path_to_xsocket(display, path, sizeof(path))) {
debug("x11_connect_display: $DISPLAY is launchd");
/* Create a socket. */
sock = connect_local_xsocket_path(path);
if (sock < 0)
return -1;
/* OK, we now have a connection to the display. */
return sock;
}
}
#endif
/*
......
/* $OpenBSD: channels.h,v 1.120 2016/10/18 17:32:54 dtucker Exp $ */
/* $OpenBSD: channels.h,v 1.121 2017/02/01 02:59:09 dtucker Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
......@@ -275,7 +275,8 @@ void channel_update_permitted_opens(int, int);
void channel_clear_permitted_opens(void);
void channel_clear_adm_permitted_opens(void);
void channel_print_adm_permitted_opens(void);
Channel *channel_connect_to_port(const char *, u_short, char *, char *);
Channel *channel_connect_to_port(const char *, u_short, char *, char *, int *,
const char **);
Channel *channel_connect_to_path(const char *, char *, char *);
Channel *channel_connect_stdio_fwd(const char*, u_short, int, int);
Channel *channel_connect_by_listen_address(const char *, u_short,
......
/* $OpenBSD: clientloop.c,v 1.289 2016/09/30 09:19:13 markus Exp $ */
/* $OpenBSD: clientloop.c,v 1.291 2017/03/10 05:01:13 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
......@@ -991,7 +991,7 @@ process_cmdline(void)
CHANNEL_CANCEL_PORT_STATIC,
&options.fwd_opts) > 0;
if (!ok) {
logit("Unkown port forwarding.");
logit("Unknown port forwarding.");
goto out;
}
logit("Canceled forwarding.");
......@@ -2390,6 +2390,26 @@ client_global_hostkeys_private_confirm(int type, u_int32_t seq, void *_ctx)
hostkeys_update_ctx_free(ctx);
}
/*
* Returns non-zero if the key is accepted by HostkeyAlgorithms.
* Made slightly less trivial by the multiple RSA signature algorithm names.
*/
static int
key_accepted_by_hostkeyalgs(const struct sshkey *key)
{
const char *ktype = sshkey_ssh_name(key);
const char *hostkeyalgs = options.hostkeyalgorithms != NULL ?
options.hostkeyalgorithms : KEX_DEFAULT_PK_ALG;
if (key == NULL || key->type == KEY_UNSPEC)
return 0;
if (key->type == KEY_RSA &&
(match_pattern_list("rsa-sha2-256", hostkeyalgs, 0) == 1 ||
match_pattern_list("rsa-sha2-512", hostkeyalgs, 0) == 1))
return 1;
return match_pattern_list(ktype, hostkeyalgs, 0) == 1;
}
/*
* Handle hostkeys-00@openssh.com global request to inform the client of all
* the server's hostkeys. The keys are checked against the user's
......@@ -2436,10 +2456,7 @@ client_input_hostkeys(void)
sshkey_type(key), fp);
free(fp);
/* Check that the key is accepted in HostkeyAlgorithms */
if (match_pattern_list(sshkey_ssh_name(key),
options.hostkeyalgorithms ? options.hostkeyalgorithms :
KEX_DEFAULT_PK_ALG, 0) != 1) {
if (!key_accepted_by_hostkeyalgs(key)) {
debug3("%s: %s key not permitted by HostkeyAlgorithms",
__func__, sshkey_ssh_name(key));
continue;
......
/* $OpenBSD: compat.c,v 1.99 2016/05/24 02:31:57 dtucker Exp $ */
/* $OpenBSD: compat.c,v 1.100 2017/02/03 23:01:19 djm Exp $ */
/*
* Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved.
*
......@@ -37,6 +37,7 @@
#include "compat.h"
#include "log.h"
#include "match.h"
#include "kex.h"
int compat13 = 0;
int compat20 = 0;
......@@ -250,42 +251,14 @@ proto_spec(const char *spec)
return ret;
}
/*
* Filters a proposal string, excluding any algorithm matching the 'filter'
* pattern list.
*/
static char *
filter_proposal(char *proposal, const char *filter)
{
Buffer b;
char *orig_prop, *fix_prop;
char *cp, *tmp;
buffer_init(&b);
tmp = orig_prop = xstrdup(proposal);
while ((cp = strsep(&tmp, ",")) != NULL) {
if (match_pattern_list(cp, filter, 0) != 1) {
if (buffer_len(&b) > 0)
buffer_append(&b, ",", 1);
buffer_append(&b, cp, strlen(cp));
} else
debug2("Compat: skipping algorithm \"%s\"", cp);
}
buffer_append(&b, "\0", 1);
fix_prop = xstrdup((char *)buffer_ptr(&b));
buffer_free(&b);
free(orig_prop);
return fix_prop;
}
char *
compat_cipher_proposal(char *cipher_prop)
{
if (!(datafellows & SSH_BUG_BIGENDIANAES))
return cipher_prop;
debug2("%s: original cipher proposal: %s", __func__, cipher_prop);
cipher_prop = filter_proposal(cipher_prop, "aes*");
if ((cipher_prop = match_filter_list(cipher_prop, "aes*")) == NULL)
fatal("match_filter_list failed");
debug2("%s: compat cipher proposal: %s", __func__, cipher_prop);
if (*cipher_prop == '\0')
fatal("No supported ciphers found");
......@@ -298,7 +271,8 @@ compat_pkalg_proposal(char *pkalg_prop)
if (!(datafellows & SSH_BUG_RSASIGMD5))
return pkalg_prop;
debug2("%s: original public key proposal: %s", __func__, pkalg_prop);
pkalg_prop = filter_proposal(pkalg_prop, "ssh-rsa");
if ((pkalg_prop = match_filter_list(pkalg_prop, "ssh-rsa")) == NULL)
fatal("match_filter_list failed");
debug2("%s: compat public key proposal: %s", __func__, pkalg_prop);
if (*pkalg_prop == '\0')
fatal("No supported PK algorithms found");
......@@ -312,10 +286,14 @@ compat_kex_proposal(char *p)
return p;
debug2("%s: original KEX proposal: %s", __func__, p);
if ((datafellows & SSH_BUG_CURVE25519PAD) != 0)
p = filter_proposal(p, "curve25519-sha256@libssh.org");
if ((p = match_filter_list(p,
"curve25519-sha256@libssh.org")) == NULL)
fatal("match_filter_list failed");
if ((datafellows & SSH_OLD_DHGEX) != 0) {
p = filter_proposal(p, "diffie-hellman-group-exchange-sha256");
p = filter_proposal(p, "diffie-hellman-group-exchange-sha1");
if ((p = match_filter_list(p,
"diffie-hellman-group-exchange-sha256,"
"diffie-hellman-group-exchange-sha1")) == NULL)
fatal("match_filter_list failed");
}
debug2("%s: compat KEX proposal: %s", __func__, p);
if (*p == '\0')
......
......@@ -736,6 +736,9 @@
/* Define to 1 if you have the <linux/seccomp.h> header file. */
#undef HAVE_LINUX_SECCOMP_H
/* Define to 1 if you have the `llabs' function. */
#undef HAVE_LLABS
/* Define to 1 if you have the <locale.h> header file. */
#undef HAVE_LOCALE_H
......
......@@ -647,6 +647,7 @@ COMMENT_OUT_ECC
TEST_SSH_ECC
LIBEDIT
PKGCONFIG
LDNSCONFIG
COMMENT_OUT_RSA1
LD
PATH_PASSWD_PROG
......@@ -7593,6 +7594,7 @@ $as_echo "#define USE_BTMP 1" >>confdefs.h
use_pie=auto
check_for_libcrypt_later=1
check_for_openpty_ctty_bug=1
CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
 
$as_echo "#define PAM_TTY_KLUDGE 1" >>confdefs.h
 
......@@ -9958,22 +9960,131 @@ LDNS_MSG="no"
# Check whether --with-ldns was given.
if test "${with_ldns+set}" = set; then :
withval=$with_ldns;
if test "x$withval" != "xno" ; then
ldns=""
if test "x$withval" = "xyes" ; then
if test -n "$ac_tool_prefix"; then
# Extract the first word of "${ac_tool_prefix}ldns-config", so it can be a program name with args.
set dummy ${ac_tool_prefix}ldns-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_LDNSCONFIG+:} false; then :
$as_echo_n "(cached) " >&6
else
case $LDNSCONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_LDNSCONFIG="$LDNSCONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
 
if test "x$withval" != "xyes" ; then
CPPFLAGS="$CPPFLAGS -I${withval}/include"
LDFLAGS="$LDFLAGS -L${withval}/lib"
fi
;;
esac
fi
LDNSCONFIG=$ac_cv_path_LDNSCONFIG
if test -n "$LDNSCONFIG"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $LDNSCONFIG" >&5
$as_echo "$LDNSCONFIG" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
 
 
$as_echo "#define HAVE_LDNS 1" >>confdefs.h
fi
if test -z "$ac_cv_path_LDNSCONFIG"; then
ac_pt_LDNSCONFIG=$LDNSCONFIG
# Extract the first word of "ldns-config", so it can be a program name with args.
set dummy ldns-config; ac_word=$2
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
$as_echo_n "checking for $ac_word... " >&6; }
if ${ac_cv_path_ac_pt_LDNSCONFIG+:} false; then :
$as_echo_n "(cached) " >&6
else
case $ac_pt_LDNSCONFIG in
[\\/]* | ?:[\\/]*)
ac_cv_path_ac_pt_LDNSCONFIG="$ac_pt_LDNSCONFIG" # Let the user override the test with a path.
;;
*)
as_save_IFS=$IFS; IFS=$PATH_SEPARATOR
for as_dir in $PATH
do
IFS=$as_save_IFS
test -z "$as_dir" && as_dir=.
for ac_exec_ext in '' $ac_executable_extensions; do
if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then
ac_cv_path_ac_pt_LDNSCONFIG="$as_dir/$ac_word$ac_exec_ext"
$as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5
break 2
fi
done
done
IFS=$as_save_IFS
 
LIBS="-lldns $LIBS"
LDNS_MSG="yes"
;;
esac
fi
ac_pt_LDNSCONFIG=$ac_cv_path_ac_pt_LDNSCONFIG
if test -n "$ac_pt_LDNSCONFIG"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_LDNSCONFIG" >&5
$as_echo "$ac_pt_LDNSCONFIG" >&6; }
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
fi
 
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ldns support" >&5
if test "x$ac_pt_LDNSCONFIG" = x; then
LDNSCONFIG="no"
else